1 Reply Latest reply on Feb 10, 2004 12:14 AM by juha

    Using ThreadLocal as a transaction cache.

    sharris

      Some background:

      We have a client that calls a method on a stateless session bean to
      act on other beans through local interfaces in a single (required) transaction.

      We wrote a SecurityProxy that does instance-based per-method authorization,
      using our own fine-grained permissions which are set for the user in the
      database. This user does a JAAS login using Client and Database login
      modules, so in SecurityProxy invoke() we can get his Principal from the
      EJBContext and we can look up his permissions in the database based on
      the name of that Principal.

      But we don't want to do this database permissions lookup on every method invocation,
      so we cache the set of permissions for that user in ThreadLocal the first time
      our SecurityProxy does an invoke(), and we clear it out when the
      transaction finishes (based on a Synchronization).

      My question:

      Is it legitimate to assume we will have the same thread through multiple
      calls to local bean method invocations throughout one transaction? It
      seems to work, but are we just lucky?
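
The caching pattern described in the post, as an added example that is not code from the original post or from JBoss. `TxPermissionCache`, `permissionsFor` and the `loader` callback (standing in for the database lookup) are hypothetical names; the sketch assumes the JTA API is on the classpath and that the caller passes in the current `Transaction`. It reuses an entry only when both the principal and the transaction match, so a value left behind on a pooled thread is never applied to a different caller.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.function.Function;
import javax.transaction.Synchronization;
import javax.transaction.Transaction;

/** Hypothetical helper: per-transaction permission cache held in a ThreadLocal. */
public final class TxPermissionCache {

    /** Cached permissions plus the principal and transaction they were loaded for. */
    private static final class Entry {
        final String principalName;
        final Transaction tx;
        final Set<String> permissions;
        Entry(String principalName, Transaction tx, Set<String> permissions) {
            this.principalName = principalName;
            this.tx = tx;
            this.permissions = Collections.unmodifiableSet(new HashSet<>(permissions));
        }
    }

    private static final ThreadLocal<Entry> CACHE = new ThreadLocal<>();

    /** Returns the caller's permissions, running the lookup once per transaction. */
    public static Set<String> permissionsFor(String principalName, Transaction tx,
            Function<String, Set<String>> loader) throws Exception {
        Entry e = CACHE.get();
        // Reuse only an entry loaded for this principal in this transaction;
        // anything else is a leftover on a reused thread and is discarded.
        if (e != null && e.principalName.equals(principalName) && e.tx.equals(tx)) {
            return e.permissions;
        }
        CACHE.remove();
        // Register cleanup first, so a failed registration caches nothing.
        tx.registerSynchronization(new Synchronization() {
            @Override public void beforeCompletion() { }
            @Override public void afterCompletion(int status) {
                // Runs on commit and on rollback. Assumption: invoked on the
                // thread that populated the cache; if not, the checks above
                // still reject the stale entry on its next read.
                CACHE.remove();
            }
        });
        e = new Entry(principalName, tx, loader.apply(principalName));
        CACHE.set(e);
        return e.permissions;
    }
}
```

In a `SecurityProxy` `invoke()`, `principalName` would come from the `EJBContext` caller principal, as the post describes. The authorization decision then never depends on the cleanup having run on the same thread.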